How to fix permission denied error when trying to install packages using Ansible?
Asked Answered
H

2

6

I'm trying to write a simple Ansible Playbook, please look at snippets below. Using Ansible 2.4.0.0, Ubuntu 17.04, Python 2.7.13. This is my first time using Ansible and Playbooks so please don't be too harsh. What am I doing wrong?

playbook.yml

---
- name: install packages
  hosts: dbservers
  become: yes
  become_method: sudo
  become_user: user

  tasks:
  - name: Update repositories cache and install "python-minimal" package
  apt:
    name: python-minimal
    update_cache: yes

hosts file

 ---
 [dbservers]
 db ansible_host=127.0.0.1 ansible_port=22 ansible_user=user ansible_ssh_pass=pass ansible_become_pass=pass ansible_become_user=user

Command: ansible-playbook -i hosts playbook.yml -vvv

Command above returns following error:

The full traceback is:
  File "/tmp/ansible_yozgsn/ansible_module_apt.py", line 287, in <module>
    import apt

fatal: [db]: FAILED! => {
    "changed": false, 
    "cmd": "apt-get update", 
    "failed": true, 
    "invocation": {
        "module_args": {
            "allow_unauthenticated": false, 
            "autoclean": false, 
            "autoremove": false, 
            "cache_valid_time": 0, 
            "deb": null, 
            "default_release": null, 
            "dpkg_options": "force-confdef,force-confold", 
            "force": false, 
            "force_apt_get": false, 
            "install_recommends": null, 
            "name": "python-minimal", 
            "only_upgrade": false, 
            "package": [
                "python-minimal"
            ], 
            "purge": false, 
            "state": "present", 
            "update_cache": true, 
            "upgrade": null
        }
    }, 
    "msg": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)", 
    "rc": 100, 
    "stderr": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)\n", 
    "stderr_lines": [
        "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)", 
        "E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)", 
        "E: Unable to lock directory /var/lib/apt/lists/", 
        "W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)", 
        "W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)"
    ], 
    "stdout": "Reading package lists...\n", 
    "stdout_lines": [
        "Reading package lists..."
    ]
}

Edit: If I connect through SSH to the same machine I can manually update apt-cache and install packages using same user (using sudo). If I run command 'whoami' inside Playbook it returns expected result (user name).

Hollah answered 10/10, 2017 at 14:22 Comment(1)
Please read the guide to asking questions on SO. You responded to each of these answers once, but apparently when you got your answer never came back and accepted one or answered outstanding questions to you (though you did edit as asked).Lactoprotein
L
7

If your user has sudo access, use become: -

tasks:
  - name: Update repositories cache and install "python-minimal" package
    become: yes
    apt:
      name: python-minimal
      update_cache: yes
Lactoprotein answered 10/10, 2017 at 14:39 Comment(1)
If I use become: - then I get syntax error. I also tried to remove all become variables from both playbook and hosts (used in CLI) but it did not help.Hollah
O
7

I think you're confusing become_user and remote_user. remote_user is the user Ansible will use to ssh to the server and become_user is the user Ansible will switch to and run tasks while on the server. You can find out more about become_user and remote_user inside Ansible's docs.

So what's happening here is your playbook is trying to become the "user" user and install packages. It's not installing the packages as root which is what you need. To fix this you can either remove the become_user param from your playbook (become_user defaults as root) or you can add a become_user param to your task.

- name: Update repositories cache and install "python-minimal" package
  apt:
    name: python-minimal
    update_cache: yes
  become_user: root
Opia answered 10/10, 2017 at 16:4 Comment(3)
I don't have access to root user, I have sudoers user account. Is this the root of my problem? (no pun intended) :)Hollah
if you sudo -l, what commands do you have permission to run? I hope we don't have to tweak the ansible.cfgLactoprotein
You need to install packages as root. You might already have the access to do this - I'm not sure what sudoers user account means. sudo -l will tell us if you can or not.Opia

© 2022 - 2024 — McMap. All rights reserved.